Is it possible to make an uncrackable password? My password is over 30 characters long with upper and lowercase...

johntheripper > hashcat, for the simple reason that it's modular.

You aren't that interesting user. Don't worry.

Underage skiddie
Queer

Have sex

Another important things are:
No password re-use.
No meaningful words in password. 134t Sp3Ak is stil considered meaningful for purposes of this.

I am pretty sure you already considered this, but i felt it deserves to be stated explicitly.

This is meme-answer, but it HAS certain merits. Looking as uninteresting target is actually pretty reasonable security measure. When applicable, of course.

Just use a password manager.......

We're all scared of blacks but you don't have to go that far with a password, they have a hard time with reading and writing as it is.

you don't need rockyou or NSA ruleset if you just use hashcat with FPGAs in multiforce mode

>change pw often

That is useless except when your password has already been found out.

>uncrackable
no
you can however make a password that would take unreasonable amount of time to crack

>3 errors
>locked out for 24 hours
>nearly 3 years to do 1,000 tries

Good luck with that I guess.

head -c 16 /dev/urandom | base64

>centralize all your passwords so hacker need only to crack/log your password once
>genius
Am the only one who finds password managers as the dumbest possible solution in security matter?

Can't recall source right now but I heard about year ago there is a way to bypass this cooldown on mobile devices

Password manager is a zoomer meme.

Use 2FA

arent password managers more unsecure because you have all your passwords at one place and saved on your computer?

>passwords at one place and saved on your computer
still better than facebook

Sure but password managers allow you to use really strong passwords for your accounts without the need to remember to them all.

They are encrypted with your master password though.

I use less pass and it doesn't store the passwords anywhere, instead it generates it every time from the website name and your master password. Basically a hash.

a 30 character password with numbers and symbols is crackable only by governments who will use supercomputers and millions of $$ in electricity to crack it

john slow, hashcat use my fast gamin GPU

1. they have to find out my account, where I certainly will not use my standard email address but something like "[email protected]" if supported.
2. 2FA

Been using John the Ripper jumbo with a raspberry pi cluster, pretty fun stuff

How is it made up though? Even if its long as fuck a ruleset could be created from a list that gets close to it. So if you have 4 words in your password with a few common symbols and numbers in it there is a chance for it to be cracked

If someone takes your gear, you sorta know instantly that something is wrong. Ergo, you'd already be contacting your financial companies to freeze things/change passwords/change cards or whatever and changing all your other passwords on whatever social media you used on that device. That won't take very long to do. However, cracking the device will take an ass load of time. The only thing the person cracking will get is old shit and general data. Maybe something to blackmail you with or at least try to. However, unless you are in a corporation with corporate data on that device then there's probably nothing to worry about. They will more than likely wipe the device and sell it and your personal data.

However, your personal data is safer on your device, even without it being locked, than it is anywhere else. This is because 100s of companies and government agencies have all of your personal data where hackers can lift much more easily than getting it from you; for the purposes of identify theft.

the longer the more secure. fuck special characters and shit.

>adjusts scanning range to over 30 chars alphanumeric full charset
thanks bro

uncrackable password would mean infinite entropy.

so no

Can't tell if your serious or just trolling.
If you've ever worked in security you'd know the importance of changing your password often.
Major banks use fobs with generated passwords that change every couple of minutes.

based

Attached: 1554554112098.webm (1283x540, 2.74M)

Make it the n word, you can't type the n word that is hate speech!!!

>NSA ruleset
What is this?

>will take a few decades to crack
you dumb fuck you can crack that shit in a week using a couple of highend video cards

>Is it possible to make an uncrackable password?
No.

You're thinking of CUPS.

The good thing about password managers is that you only need to memorize one strong passphrase in order to raise the strengh of ALL your passwords. With an 8 words passphrase your shit is """probably""" secure, at least in your life time, so it is uncrackable from your point of view at least.

Use ssh-keys and rate-limit with fail2ban.

Attached: f1691dcc-6d40-44cc-b8ca-fa047970c3a4.png (400x225, 113K)

and then some 15 year old script kid brute forces your 128 character password and gets lucky on the second try

Attached: shrug.jpg (502x304, 21K)

Very unlikely to happen.

but not impossible.

Not op, but can I get a quick rundown on ssh keys? Is it fine to have one key per one machine that I own, or even share the key between them? What if I, say, control a few VPSes with minor to no importance at all - is it safe to use my ssh key for them, or should I make new keys in case something happens?
t. retard who just got into ssh and stuff

your home computer is not a million dollar asset. if someone has the computing power to crack a reasonably secure password in a reasonable amount of time, they're not gonna waste it on trying to get access to your porn collection and your $10 checking account

You're kidding, right? Why are you arguing for having worse security practices? changing your pw once a month is not hard and the benefits are substantial.

Bump

People only hack from most basic combos like dragon:dragon123, data leaks or when you are a total brainlet and somehow manage to get a logger or login on scam website, no sane person is ever gonna bruteforce some fkin random user

It's not always about bruteforce. Companies get hacked and have user data leaked. There are many examples that we know about, not to mention ones we don't.

To have an uncrackable password it needs to be infinitely long. Or just don't have a password at all.

*presses "forgot password" repeatedly*

dumb "no one cares about your porn" poster.

I just gen a sha256 hash and print them out on paper.

ok so if I were to type 30 random characters right now what are my chances of guessing your password?

no one's gonna guess "NiggersTongueMyAnus148869", don't worry

also this

Well, it's always going to be possible to crack it - by trying every possible combination.

But as long as it's hashed by a proper key derivation algorithm, especially one resistant to hardware and side channel attacks with lots of iterations and it's not somehow backdoored, no. Nobody will ever get that.

Unless they use phishing or some site you use it on uses plain text or MD5 or SHA-2 or some insecure shit (though even SHA-2 should be safe on a password that long).

Yeah, because cracking AES-256 encryption with long, random passwords is super easy.

Trust me. Your password's complexity isn't your weakest link.

That's why you don't share passwords between services. Even if a company's stupid enough to store an un-salted hash of your password (or even your password as plain text), it should never affect you beyond the scope of that website.

Ok, Vlad. We get it, you don't want people changing their passwords.

The chances of it happening successfully are so small it might as well be impossible. You’re probably better off trying to win a million off a $5 scratch off

that's not how cracking works desu

Attached: 1526714112473.jpg (900x678, 137K)

i have all my passwords as 22+ characters with japanese symbols lol good luck

Changing your passwords is the wrong answer to the wrong problem. It's fine in a high-security local environment, but in an online environment it just increases the chance of human error.

And how many consumer systems support that or let alone mainstream 2FA. Oh yeah right.
Of course it'd be logical and the objectively best option to pair that with 2FA but no one supports it because it isn't worth it to people.

You're a way bigger dumb fuck. With a half decent password hashing algo like bcrypt with enough iterations to take 1 second per hash on a modern CPU, it would indeed take decades to crack even with serious hardware. Just as long as the password was something decent and not myfavpassword12345!

Statistically that is so improbable it wouldn't be wrong to call it impossible. And even if some script kiddie lands a literally once in the universes lifetime lucky hit he only got access to one account and not even that if you use 2FA as you should.

For websites that you'll only use once/occasionally: weak password
For everything else: strong password and unique from the websites that you use

It's not meant to be the only solution, Vlad. Defense in depth. There are many little things you can do to strengthen security.
It's even more important to change your pw every so often on online environments. See Companies are primary targets for hackers because they have all the info.
Why do I have to explain this to you?

I'm not suggesting everyone uses a fob. I'm pointing out that changing your pw every so often is a common security practice. Changing it once a year is better than nothing.

theoretically no
given enough time, you can crack any password, but you can make a password that will take longer than anyone could possibly wait to crack

Use 2FA.

>common security practice
It is common but it really shouldn't. If you aren't using a fob forcing users to often change their passwords is actually detrimental to security because they will just use the same password over and over and just increment a number as has been shown in countless studies. In an enterprise environment 2FA is the best option if you want effective security but don't want fobs for everyone, forcing people to change their passwords even if it's just twice a year is bad for security.

my psw is 8 chars upper lower cases numbers symbols (26*2+10+32)^8 ~= 6^15
good luck cracking that unless you have supercomputer, and if someone on our ass has a supercomputer you're fucked either way

>using 2FA means you can't or should change your pw every so often
ok, vlad.

*your ass

Have a petty (You) for your attempt.

>wanting to keep the same passwords for life

Again have a petty (You). I am sure some day you will manage to overcome your crippling straw addiction.

So you have kept the same passwords your whole life with no intention of changing them?

And another petty (You). As I said I believe in you, I'm sure that one day you will manage to cope without straw manning out your ass.

That's what I thought

There goes another petty (You).

lel, you are fucking weird.

>you are fucking weird
Said the guy getting petty (You)s that goes around implying people chose one password for life and never change it.

all passwords are useless at gun point

Giving "petty (You)s" is pretty fucking weird yes. Also the fact that you were arguing saying changing your password isn't good for security.
>forcing people to change their passwords even if it's just twice a year is bad for security.
This is pants on head retarded.

What environment?

It's a proven fact that forcing users to change their passwords regularly negatively affects security because they literally just do:
>password
>password1
>password2
>password3
>password4
It's not my fault that you aren't up to date with research from 2010 and even earlier studies.

>changing the password is bad for security
Is this what you are arguing for?

Serious question, how do people even crack passwords? And doesn't it matter on the website/software you are using?

idk how these work explain to a brainlet

>Is it possible to make an uncrackable password?
No
>My password is over 30 characters long with upper and lowercase, numbers and symbols but I'm not sure if it is enough
You're fine, but you should be prepared to change it again to something hundreds of times longer once quantum computers become a reality